Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Samsung Electronics Data Leak
Lapsus$ has leaked 190GB of data from Samsung Electronics, made available via torrent. The data includes source code and security information across three parts, affecting Samsung's defense, device security, and various backend systems. The incident follows similar leaks from Nvidia, with no current statement from Samsung.
Nvidia Certificates Used in Malware
Threat actors are using stolen Nvidia certificates from a data leak to sign malware, including Cobalt Strike beacons and Mimikatz. Despite some certificates being expired, Windows still loads them, making the malware appear trustworthy. Researchers Bill Demirkapi, Kevin Beaumont, and Will Dormann reported these findings.
Lorenz Ransomware
Lorenz ransomware, first observed in February 2021 and likely a rebranding of .sZ40 ransomware from October 2020, has targeted over 20 victims in English-speaking countries. The group conducts methodical and customized attacks, performing reconnaissance, moving laterally, and collecting sensitive data. They use scheduled tasks to delete volume shadow copies and clear Windows logs. Unique extortion methods include selling compromised data to competitors or threat actors and leaking data publicly if ransoms are unpaid. The group also sells access to compromised networks. Europol's "No More Ransom" project released a limited decryptor for Lorenz ransomware.
Barracuda Threat Spotlight of Log4Shell Attack
Barracuda's research and monitoring of the Log4Shell vulnerability reveal steady and consistent exploit activity, primarily originating from the US (83%). Other notable sources include Japan (10%), Germany, Netherlands (3%), and Russia (1%). Payloads delivered via the vulnerability range from benign YouTube links to more malicious threats, including cryptominers, VMWare exploits, and DDoS malware. No ransomware attacks leveraging the Log4Shell vulnerability have been observed so far.
Agent Tesla and Remcos RATs Phishing Emails
Bitdefender Labs identifies phishing campaigns leveraging the Russia-Ukraine conflict, distributing Agent Tesla and Remcos RATs through malicious emails. Targets include manufacturing and healthcare sectors.
Mandiant Insight on Russia & Ukraine
Mandiant's analysis of the Russia-Ukraine conflict highlights potential cyber retaliation by Russia against organizations condemning Russia or supporting Ukraine. High-risk sectors include government, financial services, energy, transportation, and media. Russia's offensive tactics involve "controlled escalation," with key threat groups like APT28, TEMP.Isotope, and Sandworm likely to engage in espionage or disruptive attacks. Financial organizations, energy industries, and transportation/logistics companies like FedEx and UPS are at heightened risk. Mandiant urges these sectors to brace for potential attacks as geopolitical tensions escalate.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
